Windows Explorer and SMB Traffic

Server Message Block (SMB) traffic is an application-level network protocol typically used for file and print sharing. Microsoft implements SMB in Windows operating systems through the Workstation and Server services; the client and server components respectively. Although our Networking team supports and troubleshoots issues dealing with SMB itself and the Server and Workstation services, we work with customers on many issues relating to the behavior of Windows Explorer and the Shell.

By default, Windows Explorer generates a lot of SMB traffic - which can result in poor file server performance in some circumstances. However, some of this traffic is superfluous and can be reduced - for example:

Searches for Desktop.ini files used for folder customization

Periodic refreshes of folder contents

Searches for supporting library (.dll) files

Individual file details and attributes pulled for each file

Thumbnail extraction

There are some registry changes you can implement to optimize the SMB traffic being generated. Import the settings below on client machines. Terminal Servers running in Application Mode should be considered client machines in this scenario.

Not all of these settings apply to every Windows Operating System, however any unused settings will be safely ignored by the OS. Also, please ensure that you test any changes thoroughly make sure that user productivity is not impacted before rolling out these changes en masse. You should also ensure that the client machines are updated with the latest SHELL32.DLL hotfix to make sure that all of the options above are properly supported for the operating system in question. You can download Microsoft most of the non-Security related hotfixes yourself. Once you locate the article you need, if there is a "View and request hotfix downloads" link in the article (usually under the title) click on that link and it takes you to a page where you can request the hotfix directly.

There are a couple of other scenarios to consider:

If you use DFS in the environment, Windows XP and Windows Server 2003 clients should be updated with the Hotfix from KB 915377 to prevent excessive "Get_DFS_Referrals" traffic.

If you use Trend Micro Antivirus software on your client machines, and you notice an unusual amount of SMB traffic to your file server that is causing high CPU utilization and possibly a high handle count in the System process, you should review the information in KB Article 941756

As an aside, there is a major revision of the SMB protocol implemented in Windows Vista. This revision is identified as SMB 2.0. Some of the key enhancements of SMB 2.0 include the following:

Support for an arbitrary, extensible way to compound operations to reduce round trips. This makes the protocol less "chatty" when compared to SMB 1.0.

I ask since we're getting slow response and sometimes time outs when saving to a local location (Group policy is redirecting folders to a network share) - intermittently about 1 or 2 times a week on different PC's (among 10 Vista PC's connected to a SBS 2008).

Looked in Technet, Vista Froums and Server forums and came up with others asking questions but no posts to a solution.

Mass Psychology of

4 Nov 2010 1:05 AM

Some language in KB834350 say 10 in decimal. The English say 10 in hex. Please make corrections.